‘Particularly Egregious’: US Fertility Hit with Class Action Over Month-Long 2020 Data Breach [UPDATE]
Last Updated on March 23, 2021
Vinsant v. US Fertility, LLC
Filed: January 26, 2021 ◆§ 8:21-cv-00225
US Fertility faces a class action over a month-long 2020 data breach.
Case Updates
March 23, 2021 – US Fertility Facing More Class Action Cases Over Data Breach
At least four more proposed class action lawsuits have been filed against US Fertility in the wake of the 2020 data breach detailed on this page.
The lawsuits, filed throughout February and early March 2021 in Illinois, New York, Maryland and California, allege negligence on part of US Fertility is to blame for a cybersecurity incident in which an “unauthorized actor” was able to gain access to the computer network housing the information of patients and prospective patients of the defendants’ nationwide network of reproduction and fertility clinics. The suits claim the individual behind the ransomware attack had access to patients’ files for more than a month before the breach was discovered and gained access as a result of the allegedly reckless manner in which US Fertility stored patient data.
The cases allege US Fertility fell short of its duties under the Health Insurance Portability and Accountability Act—HIPAA—by exposing confidential, personally identifiable patient information, including dates of birth, demographic details, Social Security numbers, medical histories, insurance information, photo IDs, employer information and other data related to fertility treatments.
The US Fertility network comprises 55 locations across 10 states and employs more than 80 doctors tasked with handling sensitive and private infertility matters.
The complaints can be read here, here and here, and a notice of removal for a fourth lawsuit can be found here. The lawsuits look to represent those whose personal health information was compromised as a result of the ransomware attack that affected US Fertility’s network between August and September 2020.
US Fertility, LLC faces a proposed class action centered on a reported September 2020 data breach in which hackers armed with ransomware gained access to a trove of personal information from the fertility clinic support services company’s clients.
The 29-page lawsuit in Maryland federal court says hackers were able to access US Fertility’s cloud-based systems from August 12 through September 14, 2020, and viewed patients’ names, dates of birth, addresses, Social Security numbers, driver’s licenses and state ID numbers, passport numbers, medical treatment and diagnosis information, medical record details, health insurance and claims specifics and credit and debit card information.
Rather than immediately alerting those affected that their sensitive information had been compromised, US Fertility waited more than two months before notifying fertility clinic patients in November 2020 that its systems had been hit by a ransomware attack, the complaint states.
Stressed in the lawsuit is the particularly sensitive and private nature of the information of fertility clinic patients, who may be going through treatments to have a baby and reasonably expect their personal data to be protected and remain confidential.
“Accordingly, this data security breach is particularly egregious to the victims identified herein,” the suit says.
The lawsuit pins blame for the data breach on US Fertility’s “carelessness and inadequate data security,” claiming fertility clinic patients have, as a result, lost “all sense of privacy.” Many proposed class members have suffered “irreparable harm” and now face an increased risk of identity theft and fraud due to the defendant’s “inadequate and laxed [sic] approach” to data security, the complaint alleges.
According to the suit, proposed class members’ privacy rights were “disregarded” by US Fertility’s “reckless and/or negligent failure” to properly safeguard their data, as well as timely disclose the incident and the material fact that it did not have strong enough computer systems to protect patient information. Noted in the complaint is that US Fertility markets itself as providing “secure data management” services for fertility clinics.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Before commenting, please review our comment policy.